Odoo Help


Setting up rules' Access Right in xml,csv files [Closed]

Obay Albadri
on 4/21/13, 7:12 AM 10,948 views

The Question has been closed

Sudhir Arya (ERP Harbor Consulting Services)
on 04/22/2013 02:16:24

I created new module depends on Project Management, i want to add new Groups,users,rules and Access controls in security folder. I successfully added groups and users, and for some extend Access Controls.

My Question is: how to specify the access right(Read/Write/Create/Delete) for every rule?.

For example: 1.User can create/read/write tasks (ACL) 2.User can read/modify only tasks assigned to him (Rule) 3.Project managers can see all tasks in their projects (Rule)

I couldn't find a documentation for this point, any links or explanations?

Is this related to: <field name="model_id" ref="model_project_task"/>

Obay Albadri
on 4/21/13, 7:40 AM
This question has been included in the official documentation.

Sudhir Arya (ERP Harbor Consulting Services)

--Sudhir Arya (ERP Harbor Consulting Services)--
| 6 8 8
Ahmedabad, India
--Sudhir Arya (ERP Harbor Consulting Services)--

• Co-Founder & Co-Owner at ERP Harbor Consulting Services

• ERP Consultant / ERP Customization / TechnoFunctional Expert

• Sound knowledge in Python, Odoo (Open ERP), XML, PostgreSQL

• Domain knowledge of Sale Management, Purchase Management, Warehouse Management, Manufacturing, Multi Company Configuration & Management, HR Management, Medical Management, Construction Management, Education Management, Point of Sale, Third Party Integrations

• Positive attitude and quick Learner

• Good analytical skill, quick bug and issue tracing and find the solution

• Good knowledge and experience in payment gateway integration with Odoo

• Ready to accept new challenges

• Active Memeber On Stackoverflow 




Sudhir Arya
ERP Harbor Consulting Services
Sudhir Arya (ERP Harbor Consulting Services)
On 4/21/13, 8:35 AM

Access Right This is how you can give read/write/create/delete rights in group on particular object by creating ir.model.access.csv file. See line number 1 & 2.

Access Rules This is how you can create access rules for particular object and groups by creating xml file.

For example:

    <record model="ir.rule" id="ir_values_my_costume_rule">
        <field name="name">My Rule Name</field>
        <field name="model_id" ref="model_your_model_name"/>
        <field name="domain_force">[('field','operator','value'),('user_id','=',user.id)]</field>
        <field name="perm_read" eval="True"/>
        <field name="perm_write" eval="True"/>
        <field name="perm_unlink" eval="True"/>
        <field name="perm_create" eval="True"/>

You must pass model_ before model name in <field name="model_id" ref="model_your_model_name"/> like this: model_sale_order or model_project_task.

Here in eval you can either pass True or False as per you need.

Record Rules can be defined from the menu also without creating any file : Settings->Technical->Security->Record Rules.

There are three main fields that you need to configure carefully in order to define "Record Rule"

  1. Object: On which you want to apply record rule. (in this example it is "Task" object).
  2. Domain: Setup domain for filtering the data.
  3. Groups: Add group for which you want to apply this record rule. If nothing to add then this rule is apply globally which is usually used to configuring multi-company record rule.

I am going to explain such access rule by taking the example of "Task" object of OpenERP.

In my example, suppose my requirement is like this:

The user 'rch' can access only list of tasks of following kind...

  1. list of all tasks which is not assigned to any user. i.e.('user_id','=',False)
  2. list of all tasks Which is assigned to user 'rch'. i.e.('user_id','=',user.id)
  3. list of all tasks of all the project's for which he is a member of. i.e.('project_id.members','in', [user.id])
  4. list of all tasks of the project for which he is a project manager. i.e.('project_id.user_id','=',user.id)

Configure your record rule as follow:

  1. Name: Tasks According to User and Project.
  2. Object: Task.
  3. Domain: ['|','|','|',('user_id','=',False),('user_id','=',user.id),('project_id.members','in', [user.id]),('project_id.user_id','=',user.id)].
  4. Groups: project/User.

Now add this group (project/User) to user 'rch'.

That is exactly what i am looking for, [<field name="perm_xxx" eval="True"/>], i couldn't find it any where else, thank you very much Arya.

Obay Albadri
on 4/21/13, 9:26 AM

Most welcome.

Sudhir Arya (ERP Harbor Consulting Services)
on 4/21/13, 9:27 AM

Just one thing <field name="perm_xxx" eval="True"/> didn't work for me, but <field name="perm_xxx" eval="1"/> did!

Obay Albadri
on 4/22/13, 6:21 AM

Hi sudhir Arya, In ir.model.access.csv file Is there any way to set noupdate="1" (like xml file) so admin users can freely customize them

on 11/15/13, 5:13 AM

About This Community

This platform is for beginners and experts willing to share their Odoo knowledge. It's not a forum to discuss ideas, but a knowledge base of questions and their answers.


Odoo Training Center

Access to our E-learning platform and experience all Odoo Apps through learning videos, exercises and Quizz.

Test it now

Question tools

1 follower(s)


Asked: 4/21/13, 7:12 AM
Seen: 10948 times
Last updated: 6/6/17, 10:10 AM